hallo markus,
ich habe nun noch einmal versucht, deine anweisungen schritt für schritt auszuführen, d.h.:
1. habe den otl scan ausgeführt
2. den inhalt von otl.txt und extras.txt in die textbox "benutzerdefinierte scans/fixes" eingefügt
3. alle programme geschlossen
4. den quick scan ausgeführt
5. nach beendigung des quick scans den inhalt aus der otl.txt datei hier hinein kopOTL Logfile: Code:
OTL logfile created on: 01.03.2012 20:51:19 - Run 5
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,22% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585,42 Gb Total Space | 298,90 Gb Free Space | 51,06% Space Free | Partition Type: NTFS
Computer Name: THEDA | User Name: Theda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
[2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions
[2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions
[2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [AuditVista] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE
[2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
========== Files - Modified Within 30 Days ==========
[2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml
[2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
========== Files Created - No Company Name ==========
[2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk
[2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll
[2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
========== LOP Check ==========
[2011.01.30 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\Cornelsen
[2010.03.21 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\GARMIN
[2011.05.13 18:51:03 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\NCH Swift Sound
[2011.11.07 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\OpenOffice.org
[2010.02.04 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\PaperPublisher
[2009.12.29 19:13:14 | 000,000,000 | ---D | M] -- C:\Users\Theda\AppData\Roaming\SmarThru4
[2012.03.01 17:15:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< OTL logfile created on: 01.03.2012 20:28:47 - Run 4 >
< OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads >
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
< Internet Explorer (Version = 8.0.6001.19088) >
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
< >
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
< Paging file location(s): ?:\pagefile.sys [binary data] >
< >
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
< >
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
< Boot Mode: Normal | Scan Mode: Current user >
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
< >
< ========== Processes (SafeList) ========== >
Invalid Switch: color]
< >
< PRC - C:\Users\Theda\Downloads\OTL(2).exe (OldTimer Tools) >
< PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
< PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) >
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) >
< PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) >
< PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
< PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
< PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
< PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
< PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
< PRC - C:\Windows\explorer.exe (Microsoft Corporation) >
< PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
< PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
< PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
< PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
< PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
< PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
< PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) >
< PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
< PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) >
< PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) >
< >
< >
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]
< >
< MOD - C:\Programme\Mozilla Firefox\mozjs.dll () >
< MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () >
< MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () >
< MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
< MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
< MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () >
< MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () >
< MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () >
< MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () >
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU () >
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu () >
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU () >
< MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () >
< MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () >
< MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () >
< MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () >
< >
< >
< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]
< >
< SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) >
< SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) >
< SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) >
< SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) >
< SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) >
< >
< >
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]
< >
< DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) >
< DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) >
< DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) >
< DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) >
< DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) >
< DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) >
< DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) >
< DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) >
< DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) >
< DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) >
< DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) >
< DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) >
< DRV - (ndiscm) -- C:\Windows\System32\drivers\NetMotCM.sys (Motorola Inc.) >
< >
< >
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]
< >
< >
< ========== Internet Explorer ========== >
Invalid Switch: color]
< >
< IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) >
< IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} >
< IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
< >
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN >
Invalid Switch: ?ocid=iehp
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 2C D0 3D 3C D1 CC 01 [binary data] >
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 >
< IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC >
< IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937 >
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
< >
< ========== FireFox ========== >
Invalid Switch: color]
< >
< FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 >
< FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 >
< FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 >
< >
< >
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found >
Invalid Switch: iTunes,version=: File not found
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
< FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) >
Invalid Switch: GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
< FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) >
Invalid Switch: nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
< FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) >
Invalid Switch: nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
< FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) >
Invalid Switch: nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) >
Invalid Switch: nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
< FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found >
Invalid Switch: nsJSRealPlayerPlugin;version=: File not found
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
< >
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 23:34:11 | 000,000,000 | ---D | M] >
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:15:32 | 000,000,000 | ---D | M] >
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 08:45:36 | 000,000,000 | ---D | M] >
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin >
< FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter >
< >
< [2009.01.31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Extensions >
< [2012.02.05 18:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions >
< [2012.01.25 20:20:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} >
< [2011.12.24 10:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Theda\AppData\Roaming\mozilla\Firefox\Profiles\ttxixcyw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} >
< [2011.12.21 08:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
< [2012.02.18 09:15:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
< [2011.05.03 17:50:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll >
< [2012.01.11 16:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
< [2012.01.11 16:10:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
< [2012.01.11 16:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
< [2012.01.11 16:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
< [2012.01.11 16:10:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
< [2012.01.11 16:10:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
< >
< O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
< O1 - Hosts: 127.0.0.1 localhost >
< O1 - Hosts: ::1 localhost >
< O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) >
< O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
< O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) >
< O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () >
< O4 - HKLM..\Run: [AuditVista] File not found >
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) >
< O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) >
< O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) >
< O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) >
< O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
< O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () >
< O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) >
< O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) >
< O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) >
< O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) >
< O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
< O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) >
< O4 - Startup: C:\Users\Theda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () >
< O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
< O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
< O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () >
< O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
< O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () >
< O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm () >
< O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () >
< O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
< O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () >
< O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) >
< O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) >
< O13 - gopher Prefix: missing >
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{490F112D-237A-4E5F-A1E1-864FEC0A7C89}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56 >
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07022D8-8C3F-4268-BD89-F38F1DFC4C93}: DhcpNameServer = 195.234.128.7 195.234.128.16 85.233.58.60 >
< O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
< O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
< O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) >
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
< O24 - Desktop WallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
< O24 - Desktop BackupWallPaper: C:\Users\Theda\Pictures\2011 Holland Uli und Thorsten\Holland 2011\DSC02080.JPG >
< O32 - HKLM CDRom: AutoRun - 1 >
< O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
< O33 - MountPoints2\{d00fe1da-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
< O33 - MountPoints2\{d00fe1e0-013b-11df-b272-001180d0a427}\Shell\verb1\command - "" = desktop.exe >
< O33 - MountPoints2\{d355840c-1d53-11df-9200-001180d0a427}\Shell\AutoRun\command - "" = I:\Menu.exe >
< O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) >
Invalid Switch: p \??\J:)
< O34 - HKLM BootExecute: (autocheck autochk *) >
< O35 - HKLM\..comfile [open] -- "%1" %* >
< O35 - HKLM\..exefile [open] -- "%1" %* >
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
< >
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]
< >
< [2012.02.29 23:30:54 | 000,000,000 | ---D | C] -- C:\Users\Theda\AppData\Local\NPE >
< [2012.02.29 23:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton >
< >
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]
< >
< [2012.03.01 20:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 >
< [2012.03.01 20:16:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 >
< [2012.03.01 18:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
< [2012.03.01 18:16:17 | 3219,623,936 | -HS- | M] () -- C:\hiberfil.sys >
< [2012.03.01 00:26:57 | 000,010,894 | ---- | M] () -- C:\Users\Theda\AppData\Roaming\SmarThruOptions.xml >
< [2012.02.29 23:15:58 | 000,001,886 | ---- | M] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
< [2012.02.29 23:15:58 | 000,001,815 | ---- | M] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | M] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
< [2012.02.26 16:36:56 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat >
< [2012.02.26 16:36:56 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat >
< [2012.02.26 16:36:56 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat >
< [2012.02.26 16:36:56 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat >
< [2012.02.18 09:22:48 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk >
< [2012.02.01 23:21:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
< >
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]
< >
< [2012.02.29 23:11:14 | 000,001,886 | ---- | C] () -- C:\Users\Theda\Desktop\Entfernen des Avira DE-Cleaners.lnk >
< [2012.02.29 23:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Theda\Desktop\Avira DE-Cleaner.lnk >
< [2012.02.29 19:43:40 | 000,147,456 | RHS- | C] () -- C:\Users\Theda\AppData\Roaming\msscbz.dll >
< [2010.12.21 16:35:12 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini >
< [2010.09.07 20:18:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini >
< [2010.07.18 23:28:50 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini >
< [2010.03.21 19:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat >
< >
< < End of report >
--- --- ---
> <OTL Logfile: Code:
OTL Extras logfile created on: 01.03.2012 20:28:47 - Run 4 > Code:
< OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Theda\Downloads >
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
< Internet Explorer (Version = 8.0.6001.19088) >
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
< >
< 3,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,55% Memory free >
< 6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,81% Paging File free >
< Paging file location(s): ?:\pagefile.sys [binary data] >
< >
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
< Drive C: | 585,42 Gb Total Space | 299,40 Gb Free Space | 51,14% Space Free | Partition Type: NTFS >
< >
< Computer Name: THEDA | User Name: Theda | Logged in as Administrator. >
< Boot Mode: Normal | Scan Mode: Current user >
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
< >
< ========== Extra Registry (SafeList) ========== >
Invalid Switch: color]
< >
< >
< ========== File Associations ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
< .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) >
< .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) >
< .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) >
< >
< [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] >
< .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
< >
< ========== Shell Spawning ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
< batfile [open] -- "%1" %* >
< cmdfile [open] -- "%1" %* >
< comfile [open] -- "%1" %* >
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
< exefile [open] -- "%1" %* >
< helpfile [open] -- Reg Error: Key error. >
< hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) >
< htmlfile [edit] -- Reg Error: Key error. >
< htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" >
< http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
< https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
< piffile [open] -- "%1" %* >
< regfile [merge] -- Reg Error: Key error. >
< scrfile [config] -- "%1" >
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
< scrfile [open] -- "%1" /S >
< txtfile [edit] -- Reg Error: Key error. >
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) >
Invalid Switch: idlist,%I,%L (Microsoft Corporation)
< Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) >
Invalid Switch: idlist,%I,%L (Microsoft Corporation)
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< >
< ========== Security Center Settings ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
< "cval" = 1 >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
< "AntiVirusOverride" = 0 >
< "AntiSpywareOverride" = 0 >
< "FirewallOverride" = 0 >
< "VistaSp1" = Reg Error: Unknown registry data type -- File not found >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
< >
< ========== Firewall Settings ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
< "EnableFirewall" = 1 >
< "DisableNotifications" = 0 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
< "EnableFirewall" = 1 >
< "DisableNotifications" = 0 >
< "DoNotAllowExceptions" = 0 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
< "EnableFirewall" = 1 >
< "DisableNotifications" = 0 >
< >
< ========== Authorized Applications List ========== >
Invalid Switch: color]
< >
< >
< ========== Vista Active Open Ports Exception List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
< "{0D9B4809-3C10-48A0-86DD-A9D68C16158E}" = lport=2869 | protocol=6 | dir=in | app=system | >
< "{0FCE8EA4-5A54-4FC3-8A0D-8486C70E38D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{1C2613BF-DB3B-481B-824F-F444735F2065}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{1DAF50E7-66FA-4EA6-92FA-01A757C3AAF2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{251EDEB5-2A39-43F8-A714-A493E70139C8}" = rport=2869 | protocol=6 | dir=out | app=system | >
< "{272BB308-8136-4ACE-A25D-505C1736DAFF}" = rport=138 | protocol=17 | dir=out | app=system | >
< "{2852C818-DBC1-4077-8BDB-339882BF9F0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | >
< "{303BFC98-4B6E-4E7F-9EC8-18B6733318BA}" = lport=137 | protocol=17 | dir=in | app=system | >
< "{3472435E-862A-4AD5-9817-C7E76C79327C}" = rport=139 | protocol=6 | dir=out | app=system | >
< "{41EC8C7C-4EB6-4A36-BC3E-2AB7C49D6504}" = lport=139 | protocol=6 | dir=in | app=system | >
< "{45D9225D-0869-4E61-A5AD-480FB8EBAD5D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | >
< "{4C73AA3E-46A1-4E60-A87E-E7C3591ACBE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{519048E3-E92D-4FE8-8E77-BC867E520AC7}" = lport=445 | protocol=6 | dir=in | app=system | >
< "{622F7AD9-C9E6-4B06-AA3B-CF692E7E1F86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{70A0FE2F-1909-4D50-BFE6-EAC614C7F8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | >
< "{70A6DC16-3F97-4BCF-AB07-5D24DB8B1CFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{743AF950-41D0-4D50-8CC0-46CC91F0426C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{7B2DA271-4E87-4919-8325-2CDEE87C5BF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{80C4FDC5-302B-47AC-9F64-74E851BCA6CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{9128684C-16A4-4119-8593-384A483943B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{9EC9ED5A-AD8C-4B96-B2C3-B9B89DCEEBEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | >
< "{9F97E44F-97DD-4B80-8BCB-AFE19D338420}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | >
< "{AF146322-4DE8-4397-927D-1D765C14E1F2}" = lport=138 | protocol=17 | dir=in | app=system | >
< "{AF368118-676E-4635-B1B7-40773EB15B68}" = lport=2869 | protocol=6 | dir=in | app=system | >
< "{B31EF848-62D4-40B3-8C1D-FE6D5F8EFD07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{B71B8723-F33B-462B-8BD7-AC396ED055ED}" = lport=10243 | protocol=6 | dir=in | app=system | >
< "{BB83EA0F-F607-424A-A5E2-0AC4809B1FBA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{BFF75083-C503-45D2-893B-DE712D2DF3C9}" = rport=10243 | protocol=6 | dir=out | app=system | >
< "{C4E0D738-0F5B-43AE-B469-3A2339CF06E2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | >
< "{CB31EF3A-B696-468A-80F0-331149004040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | >
< "{D2DC29FE-EEB7-48E0-8731-8EBDA4FE55C1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{DDAD6306-A4DF-42E1-AF64-791C8A8584BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | >
< "{F3870119-316B-48F4-97EB-0E9BDF22AB6E}" = rport=445 | protocol=6 | dir=out | app=system | >
< "{FC254C88-FBCB-4EB3-A89E-9F606968C41D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | >
< "{FDE941C5-E23B-4E13-AE04-883A00B2D551}" = rport=137 | protocol=17 | dir=out | app=system | >
< >
< ========== Vista Active Application Exception List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
< "{05631F0B-25C3-4580-B273-A2A08B876E22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | >
< "{06F51380-D15C-44F9-9D6B-18B1021DF3B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{0B3FB531-88B5-4287-8A5D-A5B1A05C42A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | >
< "{0CE85B40-803B-4934-8904-1AA3B46888BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | >
< "{192E6FA6-04F6-4AD6-B000-D19E813DD0BF}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | >
< "{1E513480-9351-4676-ACA8-E80A130AA559}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | >
< "{25D975CA-CC61-428D-ACBC-404F144C4D35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | >
< "{2843DD70-543B-48EC-8878-9BB8B7863478}" = protocol=6 | dir=out | app=system | >
< "{2AEB4CB7-B090-4631-AAB9-C88CE37C87B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{33B7B956-0B56-4018-B4A4-D4EE7EF0A9EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | >
< "{40ED6370-A2F9-4F2E-A90F-0C4FF9A46088}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | >
< "{4811F408-21D1-4FE1-AE2D-11019AA78FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{4D567261-C083-4A49-9779-95C64FE14F65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | >
< "{552BEFFF-CBF9-4971-9F96-D1F318F34D4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{5DF15C1A-D3F2-4DC3-AA78-272986B255E9}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | >
< "{66EF07A6-FEC9-4AF1-9EF0-B83FCA3CD451}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | >
< "{73EFEEB2-8950-423C-A3DC-223EA4B559B1}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | >
< "{92BDF649-6CAF-42DA-946A-3E7864120D0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{96C46653-DAA7-4798-8203-70B5779F1429}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | >
< "{97C617FA-8EEC-46A3-B673-ECDC06265611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{980E6C9E-DE66-44CC-81DA-9EFBE2AB0D67}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | >
< "{A7520AED-B486-4BFA-8415-E161F53A9F6C}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | >
< "{C06D0C95-BD82-4640-BE21-A03DFD8E40FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | >
< "{CD598967-90BD-4632-B7F2-BC2F92D7075E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{CF17CA4C-2B5B-447A-BE89-4D25FD168797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | >
< "{D143C24E-1151-417F-8271-9EBBC53F3B7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | >
< "{D2ED002D-A4E2-4E3D-BA11-67CAD90311F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{D9C00D5A-7C1E-4197-A513-B54E43786F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | >
< "{E51726D7-5330-4692-AE75-78E00B16E72C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | >
< "{EB667932-C450-4744-8957-2100F1A969E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | >
< "{F3B057A5-8579-46D7-A76F-7C085665057E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | >
< "{FB5478A8-7728-4511-B993-1BE59E295921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | >
< "TCP Query User{1B64E226-5666-49AC-BAF2-CD088E3BFA95}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | >
< "TCP Query User{49D2679C-2B27-4BF0-B39C-778560886E67}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | >
< "UDP Query User{3E36E3EE-7D92-49E1-8FE3-B78414241794}C:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\theda\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | >
< "UDP Query User{460AC53A-917A-45FF-91DC-91B7D605C356}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | >
< >
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
< "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium >
< "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu >
< "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office >
< "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 >
< "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin >
< "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate >
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
< "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime >
< "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 >
< "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 >
< "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 >
< "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card >
< "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup >
< "{394C4F1B-8C88-404C-B644-58203570EEDB}" = MainConcept MPEG2 Software Encoder >
< "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile >
< "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 >
< "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 >
< "{461A4763-28B5-425A-AE3D-B9B54EDF0F21}" = CIB pdf brewer >
< "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater >
< "{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1 >
< "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300 >
< "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml >
< "{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008 >
< "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers >
< "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update >
< "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime >
< "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec >
< "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour >
< "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 >
< "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 >
< "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE >
< "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable >
< "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 >
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
< "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch >
< "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 >
< "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy >
< "{CE20056B-01FD-4AC1-BC39-8138CA301031}" = Nero 8 Essentials >
< "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 >
< "{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner >
< "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional >
< "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade >
< "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support >
< "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 >
< "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver >
< "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager >
< "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes >
< "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
< "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 >
< "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) >
< "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX >
< "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin >
< "Audiograbber" = Audiograbber 1.83 SE >
< "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus >
< "C2F5DF4DBA55AD4D004E4EDA0406903C1643F8E0" = Windows-Treiberpaket - PEGATRON GROUP (NxpCap) MEDIA (09/22/2008 1.0.5.25) >
< "Catan - Staedte und Ritter" = Catan - Städte und Ritter >
< "Chipgames Kartenspiele" = Chipgames Kartenspiele >
< "conduitEngine" = Conduit Engine >
< "Google Chrome" = Google Chrome >
< "LIDL Fotoservice_is1" = LIDL Fotoservice >
< "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU >
< "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 >
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
< "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
< "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) >
< "NCH_DE Toolbar" = NCH DE Toolbar >
< "NVIDIA Drivers" = NVIDIA Drivers >
< "RealPlayer 12.0" = RealPlayer >
< "Samsung CLX-3170 Series" = Samsung CLX-3170 Series >
< "SmarThru PC Fax" = SmarThru PC Fax >
< "Switch" = Switch Audiodatei-Konverter >
< "Werkstatt Geschichte 2" = Werkstatt Geschichte 2 >
< "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 >
< "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 >
< >
< ========== HKEY_CURRENT_USER Uninstall List ========== >
Invalid Switch: color]
< >
< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< >
< ========== Last 10 Event Log Errors ========== >
Invalid Switch: color]
< >
< [ Application Events ] >
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< Error - 09.02.2011 12:01:10 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< Error - 09.02.2011 12:06:34 | Computer Name = Theda | Source = Application Error | ID = 1000 >
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
< fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
< 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xfc4, Anwendungsstartzeit 01cbc8729ce0e1a0. >
< >
< Error - 10.02.2011 11:26:25 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
< Description = >
< >
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< Error - 10.02.2011 11:26:37 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< Error - 10.02.2011 14:01:21 | Computer Name = Theda | Source = Application Error | ID = 1000 >
< Description = Fehlerhafte Anwendung Scan2Pc.exe, Version 2.3.0.0, Zeitstempel 0x4883ebe1, >
< fehlerhaftes Modul NetModule.dll, Version 1.0.0.2, Zeitstempel 0x484d25be, Ausnahmecode >
< 0xc0000005, Fehleroffset 0x00003b7f, Prozess-ID 0xb3c, Anwendungsstartzeit 01cbc936f8d2b969. >
< >
< Error - 11.02.2011 05:22:18 | Computer Name = Theda | Source = WinMgmt | ID = 10 >
< Description = >
< >
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< Error - 11.02.2011 05:22:29 | Computer Name = Theda | Source = Microsoft-Windows-CAPI2 | ID = 131083 >
< Description = >
< >
< [ Media Center Events ] >
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Fehler beim Herstellen der Internetverbindung. (4956.1128) >
< >
< Error - 27.11.2010 08:19:56 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Serververbindung konnte nicht hergestellt werden.. (4956.1129) >
< >
< Error - 08.12.2010 12:22:31 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
< Analog TV Tuner >
< >
< Error - 08.12.2010 12:23:37 | Computer Name = Theda | Source = ehRecvr | ID = 3 >
< Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 7231 BDA >
< Analog TV Tuner >
< >
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
< >
< Error - 30.03.2011 12:23:29 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
< >
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Fehler beim Herstellen der Internetverbindung. (1408.1128) >
< >
< Error - 30.03.2011 12:23:34 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Serververbindung konnte nicht hergestellt werden.. (1408.1129) >
< >
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Fehler beim Herstellen der Internetverbindung. (5520.1128) >
< >
< Error - 07.04.2011 13:59:05 | Computer Name = Theda | Source = MCUpdate | ID = 0 >
< Description = Serververbindung konnte nicht hergestellt werden.. (5520.1129) >
< >
< [ System Events ] >
< Error - 01.03.2012 10:59:31 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
< Description = >
< >
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = HTTP | ID = 15016 >
< Description = >
< >
< Error - 01.03.2012 13:16:24 | Computer Name = Theda | Source = Microsoft-Windows-TaskScheduler | ID = 412 >
< Description = >
< >
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
< Description = >
< >
< Error - 01.03.2012 13:16:32 | Computer Name = Theda | Source = Service Control Manager | ID = 7000 >
< Description = >
< >
< Error - 01.03.2012 15:05:34 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
< >
< Error - 01.03.2012 15:13:10 | Computer Name = Theda | Source = PlugPlayManager | ID = 11 >
< Description = Das Gerät "Root\LEGACY_SMR250\0000" wurde ohne vorbereitende Maßnahmen >
< vom System entfernt. >
< >
< Error - 01.03.2012 15:13:22 | Computer Name = Theda | Source = ipnathlp | ID = 31004 >
< Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet >
< werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner >
< Fehler ist im Speicher-Manager aufgetreten. >
< >
< Error - 01.03.2012 15:20:10 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
< >
< Error - 01.03.2012 15:32:18 | Computer Name = Theda | Source = ipnathlp | ID = 34001 >
< Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. >
< >
< >
< < End of report >
--- --- ---
>
< End of report >
iert |